diff --git a/back/methods/account/recover-password.js b/back/methods/account/recover-password.js
index 618b46946e..f08ff89682 100644
--- a/back/methods/account/recover-password.js
+++ b/back/methods/account/recover-password.js
@@ -20,8 +20,11 @@ module.exports = Self => {
 try {
 await models.user.resetPassword({email});
- } catch (e) {
- return;
+ } catch (err) {
+ if (err.code === 'EMAIL_NOT_FOUND')
+ return;
+ else
+ throw err;
 }
 };
 };
diff --git a/db/changes/10502-november/00-aclUserPassword.sql b/db/changes/10502-november/00-aclUserPassword.sql
new file mode 100644
index 0000000000..b92b54c283
--- /dev/null
+++ b/db/changes/10502-november/00-aclUserPassword.sql
@@ -0,0 +1,2 @@
+DELETE FROM `salix`.`ACL`
+ WHERE model = 'UserPassword';
diff --git a/front/salix/components/login/reset-password.js b/front/salix/components/login/reset-password.js
index 455b98d933..9ee1fdb620 100644
--- a/front/salix/components/login/reset-password.js
+++ b/front/salix/components/login/reset-password.js
@@ -1,6 +1,5 @@
 import ngModule from '../../module';
 import './style.scss';
-const axios = require('axios');
 export default class Controller {
 constructor($scope, $element, $http, vnApp, $translate, $state, $location) {
@@ -16,11 +15,7 @@ export default class Controller {
 }
 $onInit() {
- const headers = {
- Authorization: this.$location.$$search.access_token
- };
-
- axios.post('api/UserPasswords/findOne', null, {headers})
+ this.$http.get('UserPasswords/findOne')
 .then(res => {
 this.passRequirements = res.data;
 });
@@ -38,7 +33,7 @@ export default class Controller {
 const newPassword = this.newPassword;
- axios.post('api/users/reset-password', {newPassword}, {headers})
+ this.$http.post('users/reset-password', {newPassword}, {headers})
 .then(() => {
 this.vnApp.showSuccess(this.$translate.instant('Password changed!'));
 this.$state.go('login');
diff --git a/modules/account/back/models/user-password.json b/modules/account/back/models/user-password.json
index 1b7e49edd7..53909ad1fa 100644
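Review bot: The new `else throw err;` branch in the catch of recover-password.js means any `resetPassword` failure other than `EMAIL_NOT_FOUND` now produces a different response from the silent return; if one of those failures can only happen for an address that exists (for example an unverified-email rejection, should the user model enforce one), the endpoint again reveals which addresses are registered. Consider logging such errors server-side and still returning the generic result, or confirm that every rethrown code is independent of whether the account exists. A comment on the swallowed branch would record the intent, e.g. `// EMAIL_NOT_FOUND is swallowed so the response does not reveal whether the address is registered`. The `else` after `return` is redundant, and the enclosing function begins outside the hunk.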
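Review bot: The `DELETE` in 00-aclUserPassword.sql matches every `salix`.`ACL` row whose model is `UserPassword`, not only the anonymous read grant that this commit appears to move into the model JSON, so any other rule stored for that model (a write grant for a specific role, or a DENY) would be removed with no replacement. If only that one rule is meant, narrow the predicate, for instance `WHERE model = 'UserPassword' AND accessType = 'READ' AND principalId = '$everyone'` (assuming the table's columns mirror the ACL fields used in the model JSON). Otherwise add a comment stating that the table is expected to hold no other rows for this model.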
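Review bot: In the last hunk of reset-password.js, `this.$http.post('users/reset-password', {newPassword}, {headers})` now passes through the application's `$http` pipeline, so confirm that no request interceptor replaces the per-request `Authorization` header with a stored session token; otherwise a user who is already signed in could have the reset sent under the wrong credential. `headers` is built outside the hunk, presumably still from `this.$location.$$search.access_token` as in the lines removed from `$onInit`; `$$search` is a private AngularJS field, and `this.$location.search().access_token` is the public equivalent. Because the reset token arrives in the query string, consider clearing it from the URL once it has been read so it does not linger in browser history. The enclosing method starts and ends outside the hunk.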
--- a/modules/account/back/models/user-password.json
+++ b/modules/account/back/models/user-password.json
@@ -30,5 +30,13 @@
 "type": "number",
 "required": true
 }
- }
+ },
+ "acls": [
+ {
+ "accessType": "READ",
+ "principalType": "ROLE",
+ "principalId": "$everyone",
+ "permission": "ALLOW"
+ }
+ ]
 }
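Review bot: The added ACL grants `READ` to `$everyone` without a `property`, which in LoopBack applies to every read method of the model (find, findById, count, exists and so on), while the reset-password page in this commit only calls `findOne`. Adding `"property": "findOne",` to the rule would limit unauthenticated access to the single call that needs it. It is also worth confirming that the model exposes nothing beyond the password-requirement numbers, since every field becomes readable without a session.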